Описание
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
Update to Mozilla Thunderbird 91.9.1
MFSA 2022-19 (bsc#1199768):
- CVE-2022-1802: Prototype pollution in Top-Level Await implementation (bmo#1770137).
- CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution (bmo#1770048).
Update to Mozilla Thunderbird 91.10
MFSA 2022-22 (bsc#1200027):
- CVE-2022-31736: Cross-Origin resource's length leaked (bmo#1735923)
- CVE-2022-31737: Heap buffer overflow in WebGL (bmo#1743767)
- CVE-2022-31738: Browser window spoof using fullscreen mode (bmo#1756388)
- CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files (bmo#1765049)
- CVE-2022-31740: Register allocation problem in WASM on arm64 (bmo#1766806)
- CVE-2022-31741: Uninitialized variable leads to invalid memory read (bmo#1767590)
- CVE-2022-1834: Braille space character caused incorrect sender email to be shown for a digitally signed email (bmo#1767816)
- CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information (bmo#1730434)
- CVE-2022-31747: Memory safety bugs fixed in Thunderbird 91.10 (bmo#1760765, bmo#1765610, bmo#1766283, bmo#1767365, bmo#1768559, bmo#1768734)
Список пакетов
SUSE Linux Enterprise Module for Package Hub 15 SP3
SUSE Linux Enterprise Module for Package Hub 15 SP4
SUSE Linux Enterprise Workstation Extension 15 SP3
SUSE Linux Enterprise Workstation Extension 15 SP4
openSUSE Leap 15.3
openSUSE Leap 15.4
Ссылки
- Link for SUSE-SU-2022:2062-1
- E-Mail link for SUSE-SU-2022:2062-1
- SUSE Security Ratings
- SUSE Bug 1199768
- SUSE Bug 1200027
- SUSE CVE CVE-2022-1529 page
- SUSE CVE CVE-2022-1802 page
- SUSE CVE CVE-2022-1834 page
- SUSE CVE CVE-2022-31736 page
- SUSE CVE CVE-2022-31737 page
- SUSE CVE CVE-2022-31738 page
- SUSE CVE CVE-2022-31739 page
- SUSE CVE CVE-2022-31740 page
- SUSE CVE CVE-2022-31741 page
- SUSE CVE CVE-2022-31742 page
- SUSE CVE CVE-2022-31747 page
Описание
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
Затронутые продукты
Ссылки
- CVE-2022-1529
Описание
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
Затронутые продукты
Ссылки
- CVE-2022-1802
Описание
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the attacker. If the sender name started with a false email address, followed by many Braille space characters, the attacker's email address was not visible. Because Thunderbird compared the invisible sender address with the signature's email address, if the signing key or certificate was accepted by Thunderbird, the email was shown as having a valid digital signature. This vulnerability affects Thunderbird < 91.10.
Затронутые продукты
Ссылки
- CVE-2022-1834
Описание
A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Затронутые продукты
Ссылки
- CVE-2022-31736
- SUSE Bug 1200027
Описание
A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Затронутые продукты
Ссылки
- CVE-2022-31737
- SUSE Bug 1200027
Описание
When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Затронутые продукты
Ссылки
- CVE-2022-31738
- SUSE Bug 1200027
Описание
When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Затронутые продукты
Ссылки
- CVE-2022-31739
- SUSE Bug 1200027
Описание
On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Затронутые продукты
Ссылки
- CVE-2022-31740
- SUSE Bug 1200027
Описание
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Затронутые продукты
Ссылки
- CVE-2022-31741
- SUSE Bug 1200027
Описание
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Затронутые продукты
Ссылки
- CVE-2022-31742
- SUSE Bug 1200027
Описание
Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Затронутые продукты
Ссылки
- CVE-2022-31747
- SUSE Bug 1200027